Instant Payment Notification (IPN)

Introduction

The IPN system will notify your server when you receive a payment and when a payment status changes. This is a easy and useful way to integrate our payments into your software to automate order completion, digital downloads, accounting, or whatever you can think up. It is implemented by making a HTTP POST call over a https:// or http:// URL to a script or CGI program on your server.

IPN Setup

The first step is to go to the My Settings page and set a IPN Secret. Your IPN Secret is a string of your choosing that is used to verify that an IPN was really sent from our servers (recommended to be a random string of letters, numbers, and special characters). Our system will not send any IPNs unless you have an IPN Secret set. See the "Authenticating IPNs" section for more details. At the same time you can optionally set an IPN URL; this is the URL that will be called when sending you IPN notifications. You can also set an IPN URL in your Buy Now and Cart buttons that will be used instead of this one.

IPN Retries / Duplicate IPNs

If there is an error sending your server an IPN, we will retry up to 10 times. Because of this you are not guaranteed to receive every IPN (if all 10 tries fail) or that your server will receive them in order. Your IPN handler must always check to see if a payment has already been handled before to avoid double-crediting users, etc. in the case of duplicate IPNs.

Authenticating IPNs

We use your IPN Secret as the HMAC shared secret key to generate an HMAC signature of the raw POST data. The HMAC signature is sent as a HTTP header called HMAC. Here is what it would look like in PHP :

$merchant_id = 'Your_Merchant_ID';
$secret = 'Your_IPN_Secret';

if (!isset($_SERVER['HTTP_HMAC']) || empty($_SERVER['HTTP_HMAC'])) {
  die("No HMAC signature sent");
}

$merchant = isset($_POST['merchant']) ? $_POST['merchant']:'';
if (empty($merchant)) {
  die("No Merchant ID passed");
}

if ($merchant != $merchant_id) {
  die("Invalid Merchant ID");
}

$post_hmac = "merchant=".$merchant."&txn_id=".$txn_id."&amount1=".$amount1."&amount2=".$amount2."¤cy1=".$currency1."¤cy2=".$currency2."&status=".$status;
$hmac = hash_hmac("sha512", $post_hmac, trim($secret));
if ($hmac != $_SERVER['HTTP_HMAC']) {
  die("HMAC signature does not match");
}

Payment Statuses

Payments will post with a 'status' field, here are the currently defined values:

• -1 = Cancelled / Timed Out

• 0 = Waiting for buyer funds

• 1 = We have confirmed coin reception from the buyer

• 2 = Queued for nightly payout (if you have the Payout Mode for this coin set to Nightly)

• 100 = Payment Complete. We have sent your coins to your payment address or 3rd party payment system reports the payment complete

For future-proofing your IPN handler you can use the following rules:

• <0 = Failures/Errors

• 0-99 = Payment is Pending in some way

• >=100 = Payment completed successfully

IPN POST Fields

Required Fields - These fields will be here for all IPN types:

Deposit Information (ipn_type = 'deposit')

Withdrawal Information (ipn_type = 'withdrawal')

Buyer Information (ipn_type = 'simple','button','cart','donation')

Shipping Information (ipn_type = 'simple','button','cart','donation')

If 'want_shipping' was set to 1 we will collect and forward shipping information, but as always they could have manually messed with your button so be sure to verify it.

Simple Button Fields (ipn_type = 'simple')

Advanced Button Fields (ipn_type = 'button')

Shopping Cart Button Fields (ipn_type = 'cart')

Donation Button Fields (ipn_type = 'donation')

API Generated Transaction Fields (ipn_type = 'api')